CVE-2018-1191: Garden may log Docker passwords


Severity

High

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Application Service
    • 2.0.x versions prior to 2.0.7
    • 1.12.x versions prior to 1.12.16
    • 1.11.x versions prior to 1.11.28
  • PCF Isolation Segment
    • 2.0.x versions prior to 2.0.6
    • 1.12.x versions prior to 1.12.15
    • 1.11.x versions prior to 1.11.26
  • Concourse for PCF
    • Versions prior to 3.9.2
    • Deployments using Garden runC prior to version v1.11.0

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:
    • Pivotal Application Service: 2.1.0, 2.0.7, 1.12.16, 1.11.28
    • PCF Isolation Segment: 2.1.0, 2.0.6, 1.12.15, 1.11.26
    • Concourse for PCF: 3.9.2